Slashdot Mirror
Are Spam Blockers Too Strict?
Myrte writes "Wired.com has a long piece on whether spam blockers are blocking wanted messages." From the article: "For years, e-mail users complained that torrents of unwanted messages clogged their inboxes and crimped their productivity. Now, e-mail users, marketers and mailing list operators are more worried that spam filters are blocking out too many wanted messages. AOL isn't the only company to face charges that it improperly blocks legitimate messages. But, as the world's largest ISP for years, it has long borne the brunt of complaints from mass e-mailers over the problem."
The absolute biggest piece of hilarity is Norton Antispam. People rush out and buy it, and install it on their computers. Usually they never do anything in the way of setting it up (just expect it to work magically), but that makes no difference because it continually reconfigures itself on its own whims.
:rolleyes:
And then they call and abuse their ISP support personnel for days on end of "I'm not getting any of my damned email!!"
And it's all right there in their 'Deleted Items' folder.
do() || do_not();
I used to work for a company that sent emails to medical professionals regarding ongoing clinical drug studies.
These emails absolutely took "opt-in" to the next level.
Not only did the doctors opt-in to receive these emails, they had to go through a fairly rigorous screening process to be eligible to receive them. On top of that, it actually would have been highly illegal for us to send these emails to others!
So, needless to say, the emails weren't spam and were going to modestly-sized email lists of 100-1,000 total recipients, approx 25% of which were AOL users.
And still, we had countless problems with AOL blocking them. AOL never listened nor responded.
OtakuBooty.com: Smart, funny, sexy nerds.
I know this isn't the final answer, but to me it is by far the most responsible and far reaching.
Will spammers register real domains, yes. Will they send emails with a fake from address that has at least a valid domain, yes. It makes it just that much harder, and makes it harder to use farms. If the SPF record has a huge subnet then the spam blockers can ignore it, and then put it on a watch list. At least we are adding some level of authentication to the process.
The cost of SPF is so little, I don't understand why their is not more push for it, and why we can't just give it a shot. I'd rather do that then go thru some authentication process with a company and then pay for some type of certicificate. Lastly, as a programmer I hate when all of the suden we have to do quadruple opt-outs, when the real problem is people sending gobs of rolex adds from their dorm room with or without their knowledge.
This is one of the things SPF (http://www.openspf.org/) is meant to end - false positives. One of the problems with SMTP is that you can't build up a reputation by domain because anyone can claim to be you.
If a verified sender is sending [lots of] unwanted email, they are a spammer and should be blacklisted. Otherwise, verified senders should probably be trusted.
You meant to say SPF and DKIM.
"senderID" was an unsuccessful non-standard created by Microsoft hijacking SPFv2 with submarine patents and other deceits. Read up on MARID and see what I mean. senderID is dead, do not try to implement it, do SPFv1 or domainkeys if you want the current gold standard.
DKIM is the successor to domainkeys, and it's looking pretty good.
There is no "easy" involved in crypto, however. If you want "easy" do SPFv1... spoofing prevention with 5 minutes of work by any competent DNS administrator.